Get a card
API & Agents

Issuing virtual cards via API for AI agents

A developer-focused walkthrough of the Cryptocardium card API: authenticate with a scoped key, issue and fund virtual Visa or Mastercard cards from crypto, set spend controls, and reconcile over signed webhooks — from REST or a native MCP server.

Updated 11 min read

If you are building an agent or backend that needs to spend money, you need cards you can create and control in code. This guide walks through the Cryptocardium card API end to end — the same surface is available as REST for conventional services and as an MCP server for LLM agents.

Authentication and scopes

Every call is authenticated with a Bearer API key minted in your dashboard. Keys carry scopes so you can hand an agent exactly the power it needs and nothing more.

  • cards:issue — create new cards.
  • cards:fund — move balance onto a card.
  • cards:read — read card details and transactions.
  • cards:control — set limits, freeze, close.

Issue a card

Create a virtual card with a single request. Pick a BIN tuned to the use case — ads, SaaS, wallets or premium spend — and give it a label so you can find it later.

curl -X POST https://cryptocardium.com/api/v1/cards \
  -H "Authorization: Bearer ck_live_…" \
  -H "Content-Type: application/json" \
  -d '{ "type": "virtual", "brand": "visa", "label": "ads-agent" }'
{
  "id": "card_9f2a1c",
  "brand": "visa",
  "last4": "4417",
  "status": "active",
  "balance_usd": 0.00
}

Fund it from crypto

A new card starts at a zero balance. Fund it from your account’s crypto balance — the card is immediately spendable up to that amount.

curl -X POST https://cryptocardium.com/api/v1/cards/card_9f2a1c/fund \
  -H "Authorization: Bearer ck_live_…" \
  -d '{ "amount_usd": 200, "asset": "USDT" }'

Set spend controls

Bound each card before you hand it to an agent. Limits and merchant rules are enforced at authorisation time, server-side.

curl -X POST https://cryptocardium.com/api/v1/cards/card_9f2a1c/limits \
  -H "Authorization: Bearer ck_live_…" \
  -d '{ "monthly_usd": 200, "daily_usd": 50, "mcc_allow": ["5818"] }'

Reconcile with webhooks

Subscribe to authorisation events and verify the signature on each delivery. This keeps your ledger and your agent in sync without polling.

// POST to your webhook URL
{
  "event": "authorization",
  "card_id": "card_9f2a1c",
  "amount_usd": 19.99,
  "merchant": "Cloud API Inc",
  "mcc": "5818",
  "result": "approved"
}
// header: X-Signature: sha256=…

The same flow over MCP

When an LLM agent should drive the cards itself, point an MCP client at the server instead of writing a REST client. The agent sees issue_card, fund_card and set_card_limits as native tools — see the MCP server guide for setup.

Putting it together

Authenticate with a scoped key, issue a card, fund it from crypto, bound it, and reconcile over webhooks. That is the entire loop an agent needs to spend money safely. Open an account and mint your first key to try it.

Open an account
Keep reading

Related guides

API & Agents

Crypto Card MCP Server: Let AI Agents Issue & Fund Cards

Issue, fund and control real payment cards from any MCP-compatible agent — Claude, ChatGPT, Cursor.

Read
API & Agents

Agentic Payments with Crypto: How AI Agents Spend Autonomously

How AI agents pay autonomously with crypto, the protocols that make it work, and how to bound the risk.

Read
Comparison

Best Crypto Card for AI Agents (2026): What to Look For

The criteria that matter for agentic spending, and how the main options stack up.

Read
Ready when you are

Spend your crypto anywhere

Open an account and issue a crypto-funded Visa or Mastercard in about 60 seconds. No KYC, no monthly fees.

Open an account See the lineup
FAQ

Frequently asked questions

Everything people actually ask. Last updated .

How do I issue a virtual card with the API?

Authenticate with a scoped API key, then POST to the card-issue endpoint (or call the issue_card MCP tool) with the card type and label. The card is created in seconds and returned with its id and status. Fund it from your crypto balance with a second call.

Do I need KYC to use the card API?

No. Cards are funded from crypto and require no identity verification, so issuance stays fully programmatic — which is what makes the API suitable for autonomous agents.

What authentication does the API use?

Bearer API keys with granular scopes (for example cards:issue, cards:fund, cards:read). Issue narrow keys per agent and never grant withdrawal scopes to an automated key.

Can I get notified of transactions?

Yes. Every authorisation is delivered as an HMAC-signed webhook so your ledger stays in sync in real time. You can also poll the transactions endpoint.

REST or MCP — which should I use?

Use REST from a traditional backend or cron job. Use the MCP server when an LLM agent should drive the cards directly. Both expose the same capabilities on the same account.